36601078


Investigating and Dealing with Corruption:
Actions by Organisations

This section provides guidance on how an organisation may investigate and deal with any corruption, or any breach of its anti-corruption policy or programme, which is reported, detected or reasonably suspected (Measure 19 of the Anti-Corruption Programme for Organisations). 

Separate web-pages provide information on:

  • Dealing with Corruption: Actions by Individuals: This web-page suggests actions which an individual could take if she/he personally encounters corruption in her/his employment, or in a project in which she/he is involved, or generally (for example, in obtaining a work permit).   It can also be used by an organisation as part of its anti-corruption training for its employees.
  • Dealing with Corruption: Actions by the Public: This web-page suggests actions which a member of the public could take if she/he suspects that there is corrupt activity in relation to a project, and that this corruption could have some adverse impact on a matter of public concern such as public health, safety, the environment, historic buildings, the landscape, breach of building regulations or planning restrictions, or inflated project cost for which the public will ultimately pay.

Actions by organisations

As explained in What is Corruption, GIACC uses the term “corruption” in the wider sense to include bribery, extortion, fraud, cartels, abuse of power, embezzlement, and money laundering.  Consequently, the guidance in this section applies to all such criminal activity.

How an organisation investigates and deals with a particular issue will depend on the circumstances. Every situation is different, and the organisation’s response should be reasonable and proportionate to the circumstances.  A report of a major issue of suspected corruption would require a far more urgent, significant and detailed action than a minor breach of anti-corruption controls. The suggestions below are for guidance only and should not be taken as comprehensive or prescriptive.  Common sense and discretion need to be used on every occasion.  Legal advice may need to be taken.

These actions are only those actions which the organisation might take. Any actions which may require action or decision by an individual employee who personally encounters corruption in her/his employment, or in a project in which she/he is involved are set out in Dealing with Corruption: Actions by Individuals

(1) Potentially corrupt situations

The organisation may need to deal with potential or actual corruption in many different situations.  These may include, for example:

  • An employee of the organisation reports that someone has demanded a bribe from her/him which she/he has not paid.
  • An employee of the organisation reports that she/he has paid a bribe, either voluntarily or under threat of personal harm.
  • An employee of the organisation, in the course of her/his employment, commits fraud.
  • A subsidiary or business associate of the organisation pays a bribe or commits fraud in relation to which the organisation could be implicated.
  • The organisation discovers that it has been the victim of bribery or fraud committed by another organisation.
  • The organisation is involved in a cartel.
  • The organisation discovers that a payment it has received could constitute money laundering.

The organisation may discover that there has been a breach of its anti-corruption programme. For example:

  • This could be relatively minor procedural breach which is easily rectified and which does not involve any corruption (e.g. failure of an employee to attend a training workshop).
  • It could be a serious breach which in itself is a corrupt event (e.g. an employee breaching the anti-corruption policy by paying a bribe).

(2) Actions by the organisation

The organisation could take some or all of the following actions in relation to any corruption, or any breach of its anti-corruption policy or programme, which is reported, detected or reasonably suspected.

(2.1) Receipt of report

The compliance manager should preferably be the recipient of any reports of suspected or actual corruption or breach of the anti-corruption policy or programme.  If the reports go in the first instance to another person, then the organisation’s procedures should ensure that the report is passed on to the compliance manager as soon as possible.  In some cases, the compliance manager will be the person who identifies a suspicion or breach.

(2.2) Responsibility for decision

The organisation’s procedures should determine who has responsibility for deciding how any reported or identified issue is investigated and dealt with.  For example:

  1. A small organisation may implement a procedure under which all issues, of whatever magnitude, should be reported straight away by the compliance manager to the board for board decision on how to respond. 
  2. A larger organisation may implement a procedure under which:
    • minor issues are dealt with by the compliance manager, with a periodic summary report of all minor issues being made to the board
    • major issues are reported straight away by the compliance manager to the board for board decision on how to respond. 

(2.3) Identification of issues

The board or the compliance manager (as appropriate under 2.2) should then assess the known facts and potential severity of the issue.  If they do not already have sufficient facts on which to make a decision, they should implement an investigation.

(2.4) Responsibility for action

The board or compliance manager (as appropriate under 2.2) should appoint someone with overall responsibility for following up on the issue and reporting back to the board or compliance manager (as appropriate). 

(2.5) Co-operation of personnel

The board may need to take active steps to require the full co-operation of personnel in the investigation.

(2.6) Investigation

Any investigation should be carried out by a person who was not involved in the issue.  It could be the compliance manager, internal audit, another appropriate manager or an appropriate third party.  The person investigating should be given appropriate authority, resources and access by the board to enable the investigation to be effectively carried out.  The investigation should promptly establish the facts and collect all necessary evidence by, for example: 

  1. making enquiries to establish the facts;
  2. collecting together all relevant documents and other evidence;
  3. obtaining witness evidence;
  4. where possible and reasonable, requesting reports on the issue to be made in writing and signed by the individuals making them.

The results of the investigation should as soon as possible be reported to the board or the compliance manager as appropriate.

(2.7) Consideration of all relevant factors

In undertaking the investigation and any follow up action, the organisation needs to consider all relevant factors, including those listed below).

(2.8) Cautions

In determining how to deal with a corrupt situation, an organisation should keep in mind that there are risks inherent in taking action in response to corruption. All steps listed in this section should be considered in the light of the possible risks. These risks include: 

  1. Risk of personal harm to those reporting the corruption or seeking to remedy it.
  2. Risk of discrimination against individuals and companies who speak out against the corruption.
  3. Risk of incurring liability for defamation if accusations of corruption cannot be substantiated.
  4. Risk of financial loss if reports of corruption are made against an organisation or individual which owes money to or has some other financial hold over the organisation reporting the corruption.
  5. Risk of financial or commercial harm if reports are made against an influential organisation or individual.
  6. Risk of prosecution of the individuals and organisation(s) concerned.
  7. Risk of debarment from future work for the organisation(s) concerned.

Although these factors need to be taken into account by the organisation in determining the actions it should take, the organisation should not condone any corruption, or aid or abet the concealment of any corruption, or fail to address any corruption, regardless of the persons involved or the importance of the relevant business transaction.  Any such action could result in criminal liability for the organisation and the individual board members.

(2.9) Safety

If an employee is at personal risk as a result of reporting corruption or being involved in a corrupt situation, the organisation should take reasonable steps to protect the individual. This could include making an appropriate payment to avoid the individual being harmed, removing the individual from the dangerous situation, and/or requesting police protection.

(2.10) Confidentiality

Because of the sensitive and possibly dangerous or defamatory nature of corruption issues, the organisation should, except to the extent required by law and/or necessary for any investigative or remedial actions it takes, keep the circumstances and parties involved confidential.

(2.11) Protecting whistle-blowers

The organisation should, as far is permitted by law, ensure that personnel who have reported corruption are protected (unless they were personally involved in the corruption) by: 

  1. keeping their identity confidential;
  2. ensuring that they do not suffer adverse discrimination from other personnel within the organisation.

(2.12) Obtaining legal advice

If necessary or appropriate, the organisation should obtain legal advice as to its position under local law and under the law of its home country.  Depending on the circumstances, this could include, for example:

  1. which individuals and organisations may have incurred liability for the corruption offences in question;
  2. the penalties that might apply to each individual and organisation implicated;
  3. whether failure to report the corruption to the criminal authorities would be an offence;
  4. whether the law provides protection from self-incrimination;
  5. whether statements in reports or documents could be defamatory;
  6. in the case of corruption perpetrated by the organisation, whether the corruption can be remedied or other steps taken so as to mitigate or avoid liability;
  7. in circumstances where the organisation is part of a cartel, whether the organisation would receive immunity from prosecution, or some mitigation of liability, if it reported the cartel;
  8. the nature of evidence that would be legally valid in a court of law;
  9. what civil action may be taken against the organisation (in situations where the organisation has perpetrated bribery or fraud);
  10. what civil action may be taken by the organisation (in situations where the organisation may have been the victim of bribery or fraud);
  11. what other steps should be taken to protect the interests of the organisation and its relevant personnel;
  12. how to assist in any investigation and ensure that no steps are taken which might prejudice an investigation.

(2.13) Undoing or remedying corruption

If the organisation discovers that one or more of its personnel is involved in corruption which has or may result in the organisation receiving some illicit benefit, then the organisation should consider how to undo or remedy the situation. This may involve: 

  1. taking legal advice as to how to remedy the corruption without self-incrimination;
  2. withdrawing from any procurement process, or resultant contract, where the organisation has been or may be awarded the contract through corruption;
  3. repaying any benefit obtained as a result of bribery or fraud.

(2.14) Seeking a remedy for corruption

If the organisation has been or may be a victim of corruption (for example, where it may lose or has lost a tender because of bribery by a competitor, or where it has paid out money on the basis of a fraudulent claim), the organisation should consider: 

  1. requiring the corrupt party to take remedial action (for example, to withdraw from the procurement process or repay the money obtained through the bribery or fraud);
  2. requesting other parties who are in a position to do so to take remedial action (for example, a project owner could be requested to disqualify the corrupt party from the procurement process or to terminate the contract which has been corruptly awarded to the party);
  3. informing all other parties who may be affected by the bribery or fraud (such as other bidders) of the corruption;
  4. taking legal action against the corrupt company and any other party who participated in the bribery or fraud (for example, employees of the project owner in relation to a corrupt procurement process, or corrupt consultants who prepared a fraudulent claim);
  5. reporting the matter to the criminal authorities (see 2.16 below).

(2.15) Disciplining personnel

Personnel who have engaged in corrupt activity during the course of their employment should be appropriately dealt with by the organisation. Disciplinary action would range from a warning for a minor offence to dismissal for a serious offence.

(2.16) Reporting corruption to the authorities

The organisation should decide whether to report the matter to the authorities. This decision will be affected by the following situations: 

  1. Reporting corruption – where failure to report corruption is a criminal offence, but the organisation and its employees are not implicated in the corruption: In this situation, the organisation should make such reports as are necessary to comply with the law.
  2. Reporting corruption – where failure to report corruption is a criminal offence, and the organisation and its employees are implicated in the corruption: In this situation, the organisation is in a difficult position as, if it reports the corruption, it risks incriminating itself and/or its employee(s). Alternatively, if it does not report the corruption it will be committing a further criminal offence. It is not possible in this situation to provide advice as to the action that should be taken. However, in deciding whether or not to make a report, the organisation should consider, and take legal advice regarding, the following factors:
    • What are the risks of being prosecuted for failing to report the corruption and the likely penalties
    • What are the risks of being prosecuted for the corruption offence(s) in question and the likely penalties?
    • Is there any protection against self-incrimination under the relevant law?
    • Would reporting the corruption:
      • result in immunity from prosecution for the corruption in question?
      • mitigate any criminal penalty that may be imposed for the corruption in question?
      • mitigate any other penalty (such as debarment) that may be imposed for the corruption in question
  3. Reporting corruption – where failure to report corruption is not a criminal offence, and the organisation and its employees are not implicated in the corruption: In this situation, the organisation should consider the following factors in deciding whether or not to make a report:
    • Is the organisation under some other legal obligation to report the corruption (for example, if the organisation has signed an anti-corruption agreement which obliges reporting)?
    • Would reporting the corruption mitigate:
      • any criminal penalty that may be imposed for any other corruption for which the organisation is or might be liable? and/or
      • any other penalty (such as debarment) that may be imposed for other corruption for which the organisation is or might be liable?
    • Is the organisation generally committed to trying to eradicate corruption and would reporting corruption assist in doing this?
    • What are the penalties for corruption under the relevant law? Are they extreme (such as execution), and would the organisation be comfortable reporting corruption in such circumstances?
    • Can the persons or organisations responsible for the corruption be persuaded to undo the corruption without having to report the matter to the criminal authorities?
    • Would the organisation or any of its employees be placed in any danger if the corruption was reported? 
  4. Reporting corruption – where failure to report corruption is not a criminal offence, but the organisation and/or its employees are implicated in the corruption: In this situation, the organisation would probably incriminate itself and/or its employees if it reported the corruption. In considering whether or not to make a report, it should inter alia consider whether reporting the corruption would:
    • result in immunity from prosecution for the corruption in question;
    • mitigate any criminal penalty that may be imposed for the corruption in question;
    • mitigate any other penalty (such as debarment) that may be imposed for the corruption in question;
    • mitigate any criminal penalty that may be imposed for any other corruption for which the organisation is or might be liable;
    • mitigate any other penalty (such as debarment) that may be imposed for any other corruption for which the organisation is or might be liable.

(2.17) Avoiding consequent offences

If corruption has occurred, the organisation should take appropriate action to avoid or deal with any possible consequent legal offences (e.g. false accounting which may occur where a bribe is falsely described in the accounts, or a tax offence where a bribe is wrongly deducted from income, or money-laundering where the proceeds of a crime are dealt with). 

(2.18) Reviewing the organisation’s policy and procedures

Both where the organisation has perpetrated corruption and where the organisation has been a victim of corruption, the organisation should examine whether the situation arose because of some breach or inadequacy in its procedures and, if so, it should take immediate steps to improve its procedures and its compliance with them.  If the incident involved breach of an anti-corruption procedure, but no resultant corruption, then the organisation should take steps to avoid any repetition of the breach.

(2.19) Maintaining records

The organisation should maintain appropriate records of the issue, of its handling of the issue, and of the outcome.  These records should be maintained for the appropriate period required by law.  In some cases this may require permanent maintenance of records, as in many jurisdictions, there is no limitation period for criminal prosecutions.

Most recent update on 10th April 2020

Page first published on 1st May 2008

© GIACC